Description
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md
Scores
CVSS v3
9.8
EPSS
0.0119
EPSS Percentile
64.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
echobh/sharecare
8.15.5
Published
Jul 13, 2021
Tracked Since
Feb 18, 2026